By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,374 Members | 1,768 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,374 IT Pros & Developers. It's quick & easy.

PHP Error

P: 1
i have two file with form.html calling register.php
<!-- form.html -->
<form action = "register.php" method="post">
username:<input type="text" name="username">
password:<input type="text" name="password">
<input type="submit" name="submit" value="register">
<!óregister.php -->
$host = "localhost";
$username = "root";
$password = "";
$database = "db";
$table = "register";
mysql_connect("$host", "$username", "$password") or die(mysql_error());
mysql_select_db("$database") or die(mysql_error());
$mysql = "INSERT INTO $table (username, password)
('$_POST[username]', '$_POST[password]')";
if( !mysql_query($mysql))
echo "data inserted";
But I am getting error msg:
Notice: Undefined index: username in E:\wamp\www\register.php on line 11
Notice: Undefined index: password in E:\wamp\www\register.php on line 11

why??Please help me..
Oct 28 '11 #1
Share this Question
Share on Google+
1 Reply

P: 1,059
here is some instruction about PHP string join

Expand|Select|Wrap|Line Numbers
  1. <?php
  2.  //good practice
  3.  $a="abc ".$b.$c;
  4.  //bad practice
  5.  $a="abc $b$c";
  6.  //worse practive
  7.  $a="$b";//why on earth you need to do that?????
  8. ?>
write your query like below:
Expand|Select|Wrap|Line Numbers
  1. $mysql = "INSERT INTO ".$table."(username, password)
  2. VALUES('".$_POST['username']."', '".$_POST['password']."')"; //even now it is stupid idea. 
  4. //the better code is
  5. $mysql = "INSERT INTO ".$table."(username, password)
  6. VALUES('".mysql_real_escape_string($_POST['username'])."', '".mysql_real_escape_string($_POST['password'])."')"; //It will give you some security. 
  7. //but yet what if your table got stolen in some other way, any one can see your password easily. 
  9. //here is a better one
  10. $mysql = "INSERT INTO ".$table."(username, password)
  11. VALUES('".mysql_real_escape_string($_POST['username'])."',PASSWORD( '".mysql_real_escape_string($_POST['password'])."'))";
Oct 28 '11 #2

Post your reply

Sign in to post your reply or Sign up for a free account.